The United States Department of Defense (DoD) finalized a new rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. The program includes a minimum cybersecurity requirement for almost all DoD contractors.
The program is designed to further protect Federal Contract Information and Controlled Unclassified Information from threats. The program provides a simplified approach with three levels, instead of the previously five, of cybersecurity requirements depending on the sensitivity of the information the contractor is expected to handle.
The program’s goal is to verify these contractors have implemented required security measures and continue to maintain compliance for the duration of the period of performance.
These updates signify a significant step toward improving security and compliance within defense contracts and the importance of cybersecurity best practices in safeguarding information.
DoD Contractors should be aware of these new requirements, and others should be on the lookout for changes in cybersecurity expectations across all other federal agencies.
